Most people these days are somewhat familiar with the traditional attack vectors of cybercriminals. Because of this, the bad guys are always exploring alternative options for spreading malware and stealing data, often in places where you would least expect it.
Here are three unexpected cybersecurity risks that you and your staff need to be aware of.
QR codes are those black and white square barcodes that started to become popular again during the pandemic, as restaurants would often use them to display digital menus to prevent the spread of germs on traditional paper or plastic menus.
It’s pretty likely that the QR codes the wait staff is handing out are safe, but a QR code is really nothing more than a website address, or in some cases a bit of text or some other small amount of code. When you scan it with your phone, your phone simply goes to that website address or reads the text or runs the code. It doesn’t take any effort to produce a QR code—they can be produced automatically or with free tools online.
What makes them potentially dangerous is that someone with bad intentions can easily take a malicious URL and create a QR code that leads people to it.
Here’s a hypothetical situation—many TSA checkpoints at airports offer to upsell travelers to skip the line. Usually they offer QR codes to scan while you are standing there waiting in line to try to get you to commit to the upsell. It wouldn’t be very complicated for someone to print off their own QR code that leads to a website that they created that looks like a TSA login, getting you to submit account information or make a quick transaction thinking it will get you through the line faster. If someone were to make their own QR code as a large sticker and cover up the correct QR code on some of the signage, it might take the TSA hours, or days, or longer before realizing what is happening.
This is just one example, so it’s best to stay vigilant. We’re not saying you shouldn’t scan any QR code, but only scan them when you are certain they are going to do what they are meant to do.
This isn’t really anything new. Ever since URL shorteners like Bitly and TinyURL have existed, people have been using them for nefarious purposes. These tools are really handy, because if you are using your website for marketing, you can drive people to a specific page with a URL that is much shorter and easier to type by using URL shorteners.
It’s just as easy for someone with bad intentions to take a malicious URL and shorten it to make it look more trustworthy. For example, one could make a website that looks like a local credit union, and create a short URL with Bitly and then share it with local users. To entice people to click on it and submit their banking information, it could be texted to local numbers with a message like “Alert - we’ve detected suspicious activity with one of your bank accounts. Please log in to review your account.” and then include the fake link.
It’s important to be skeptical of links like this, especially when they come with urgent messaging that is trying to get you to react without thinking clearly.
If you ever stumble across a random USB thumb drive or some other storage medium like a portable hard drive, your first instinct might be to plug it in and see what’s on it.
There are a lot of ways this can go south.
First, USB thumb drives are generally very cheap these days. You can order a bulk of 50 of them for around $60 on Amazon right now. For a novice criminal, it’s a very cost effective way to infiltrate a network with the right tools.
Most people are familiar with ransomware. Just in case, ransomware is a type of cyberattack that quickly locks down vast amounts of data on a device and the only way to get it back is to pay a ransom to the cybercriminals anonymously. Once a system or network is infected by ransomware, it’s pretty much impossible to clean it up without relying on a full backup restore, or submitting to the criminals and paying the ransom.
Now let’s stop right there and ask a fun question—do you ever wonder where all this malware and ransomware comes from?
As it turns out, a lot of modern ransomware is just software that criminals can buy and distribute. A criminal can purchase the software they need to deploy and manage ransomware campaigns off the Darkweb, and the software itself can run for as little as $20 to $50.
So for around (or less than) $100, a novice cybercriminal can load up 50 thumb drives with ransomware and drop them in office lobbies, parking lots, leave them on public transportation, or even toss them onto the desk of a receptionist who isn’t looking. As soon as the drive is plugged into a PC, it deploys the ransomware and immediately takes over the network until you pay.
These were some unexpected threats that can cause a lot of havoc on a business, but the traditional threats like phishing attacks, malware, sketchy email attachments, dangerous links, and more are still a problem that your staff needs to keep an eye out for.
The best solution is providing ongoing training and to make sure that your network and the devices on it are protected. At Capstone Works, we can help make sure your network is secure, and we offer solutions to help train and protect your employees, whether they are working within the office, remote, or a hybrid of both.
Let’s talk about protecting your business so that you can focus on running it. Give us a call today at (512) 343-8891.
About the author
Capstone Works, Inc. has been serving the Cedar Park area since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Comments
Learn more about what Capstone Works can do for your business.
715 Discovery Blvd
Suite 511
Cedar Park, Texas 78613